authorlloyd <[email protected]>2010-02-14 05:42:50 +0000
committerlloyd <[email protected]>2010-02-14 05:42:50 +0000
commit508ccf7deb5ae8acb05d3514067bf3d0cc504a62 (patch)
tree56c0002503c01af255193aca762415875775170d
parent1e596a25e32c3106b3d6e2aceb64a270a8b30713 (diff)
Various minor SSL fixes
-rw-r--r--doc/examples/tls_client.cpp14
-rw-r--r--doc/examples/tls_server.cpp2
-rw-r--r--src/ssl/cert_ver.cpp2
-rw-r--r--src/ssl/hello.cpp2
-rw-r--r--src/ssl/rec_read.cpp6
-rw-r--r--src/ssl/rec_wri.cpp1
-rw-r--r--src/ssl/tls_alerts.h2
-rw-r--r--src/ssl/tls_client.cpp21
-rw-r--r--src/ssl/tls_exceptn.h32
-rw-r--r--src/ssl/tls_messages.h2
-rw-r--r--src/ssl/tls_policy.h2
-rw-r--r--src/ssl/tls_record.h2
-rw-r--r--src/ssl/tls_server.cpp7
-rw-r--r--src/ssl/tls_session_key.h2
-rw-r--r--src/ssl/tls_suites.cpp3
15 files changed, 48 insertions, 52 deletions
diff --git a/doc/examples/tls_client.cpp b/doc/examples/tls_client.cpp
index 20fde6354..9e6b510f2 100644
--- a/doc/examples/tls_client.cpp
+++ b/doc/examples/tls_client.cpp
@@ -21,27 +21,23 @@ int main()
{
LibraryInitializer init;
- Unix_Socket sock("randombit.net", 443);
+ Unix_Socket sock("www.randombit.net", 443);
std::auto_ptr<Botan::RandomNumberGenerator> rng(
Botan::RandomNumberGenerator::make_rng());
TLS_Client tls(*rng, sock);
- printf("Connection open\n");
+ std::string http_command = "GET /bitbashing\r\n";
+ tls.write((const byte*)http_command.c_str(), http_command.length());
while(true)
{
if(tls.is_closed())
break;
- std::string str;
- std::getline(std::cin, str);
- str += "\n";
- tls.write((const byte*)str.c_str(), str.length());
-
- byte buf[4096] = { 0 };
- tls.read(buf, sizeof(buf));
+ byte buf[16+1] = { 0 };
+ u32bit got = tls.read(buf, sizeof(buf)-1);
printf("%s", buf);
fflush(0);
}
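Review bot: The byte count returned by `tls.read` is stored in `got` but never used, so the example still prints with `printf("%s", buf)` and stops at the first zero byte in the response. Writing exactly the bytes received, `fwrite(buf, 1, got, stdout);`, keeps NUL-containing data intact and makes the `16+1` terminator slot unnecessary. The body of `main` starts before this hunk and continues after it, so how the loop handles a zero-length read is not visible here.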
diff --git a/doc/examples/tls_server.cpp b/doc/examples/tls_server.cpp
index d5cb77a84..72212de0f 100644
--- a/doc/examples/tls_server.cpp
+++ b/doc/examples/tls_server.cpp
@@ -37,7 +37,7 @@ int main()
X509_Certificate cert =
X509::create_self_signed_cert(options, key, "SHA-1", *rng);
- Unix_Server_Socket listener(4433);
+ Unix_Server_Socket listener(4434);
printf("Now listening...\n");
diff --git a/src/ssl/cert_ver.cpp b/src/ssl/cert_ver.cpp
index 3ea6db685..c75a96c4c 100644
--- a/src/ssl/cert_ver.cpp
+++ b/src/ssl/cert_ver.cpp
@@ -7,9 +7,9 @@
#include <botan/tls_messages.h>
#include <botan/look_pk.h>
-#include <botan/loadstor.h>
#include <botan/rsa.h>
#include <botan/dsa.h>
+#include <botan/loadstor.h>
#include <memory>
namespace Botan {
diff --git a/src/ssl/hello.cpp b/src/ssl/hello.cpp
index ba30ec5f7..4f7676bb3 100644
--- a/src/ssl/hello.cpp
+++ b/src/ssl/hello.cpp
@@ -6,9 +6,7 @@
*/
#include <botan/tls_messages.h>
-#include <botan/tls_exceptn.h>
#include <botan/loadstor.h>
-#include <botan/exceptn.h>
namespace Botan {
diff --git a/src/ssl/rec_read.cpp b/src/ssl/rec_read.cpp
index f6cedb2b7..c881119cd 100644
--- a/src/ssl/rec_read.cpp
+++ b/src/ssl/rec_read.cpp
@@ -6,9 +6,9 @@
*/
#include <botan/tls_record.h>
-#include <botan/tls_exceptn.h>
-#include <botan/loadstor.h>
#include <botan/lookup.h>
+#include <botan/loadstor.h>
+#include <botan/internal/debug.h>
namespace Botan {
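Review bot: `#include <botan/internal/debug.h>` is added to the record reader, but nothing in this commit's changes to rec_read.cpp visibly uses it; the only other hunk in the file switches `seq_no++` to `++seq_no`. If it was pulled in for temporary tracing, drop it so that debug helpers are not left next to code that handles record plaintext and MAC values. If it is needed, add a one-line comment beside the include naming the helper that is used.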
@@ -191,7 +191,7 @@ SecureVector<byte> Record_Reader::get_record(byte& msg_type)
mac.write(plaintext, plain_length);
mac.end_msg();
- seq_no++;
+ ++seq_no;
SecureVector<byte> computed_mac = mac.read_all(Pipe::LAST_MESSAGE);
diff --git a/src/ssl/rec_wri.cpp b/src/ssl/rec_wri.cpp
index e48c9c571..4345241ee 100644
--- a/src/ssl/rec_wri.cpp
+++ b/src/ssl/rec_wri.cpp
@@ -6,7 +6,6 @@
*/
#include <botan/tls_record.h>
-#include <botan/tls_exceptn.h>
#include <botan/handshake_hash.h>
#include <botan/lookup.h>
#include <botan/loadstor.h>
diff --git a/src/ssl/tls_alerts.h b/src/ssl/tls_alerts.h
index 9051e052f..8bc112761 100644
--- a/src/ssl/tls_alerts.h
+++ b/src/ssl/tls_alerts.h
@@ -8,7 +8,7 @@
#ifndef BOTAN_ALERT_H__
#define BOTAN_ALERT_H__
-#include <botan/exceptn.h>
+#include <botan/tls_exceptn.h>
namespace Botan {
diff --git a/src/ssl/tls_client.cpp b/src/ssl/tls_client.cpp
index e4dc90761..9302311c9 100644
--- a/src/ssl/tls_client.cpp
+++ b/src/ssl/tls_client.cpp
@@ -8,13 +8,10 @@
#include <botan/tls_client.h>
#include <botan/tls_alerts.h>
#include <botan/tls_state.h>
-#include <botan/tls_exceptn.h>
-
#include <botan/loadstor.h>
-
#include <botan/rsa.h>
-#include <botan/dh.h>
#include <botan/dsa.h>
+#include <botan/dh.h>
namespace Botan {
@@ -383,17 +380,17 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
)
)
throw TLS_Exception(HANDSHAKE_FAILURE,
- "Server reply w/ bad ciphersuite");
+ "TLS_Client: Server replied with bad ciphersuite");
state->version = state->server_hello->version();
if(state->version > state->client_hello->version())
throw TLS_Exception(HANDSHAKE_FAILURE,
- "Server replied with bad version");
+ "TLS_Client: Server replied with bad version");
if(state->version < policy->min_version())
throw TLS_Exception(PROTOCOL_VERSION,
- "Server is too old for specified policy");
+ "TLS_Client: Server is too old for specified policy");
writer.set_version(state->version);
reader.set_version(state->version);
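Review bot: The `TLS_Client:` prefix is applied to only some of the messages thrown from `process_handshake_msg`. The hunks at -470 and -541 leave `"Bad signature on server key exchange"` and `"Finished message didn't verify"` without it, and `choose_version` in tls_server.cpp throws `"Client version is unacceptable by policy"` unprefixed. This commit also drops the `"SSL/TLS error: "` prefix from the `TLS_Exception` constructor, so those messages now carry no indication of which layer raised them. Prefix them the same way, e.g. `"TLS_Client: Bad signature on server key exchange"`. The function body starts and ends outside this hunk.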
@@ -412,11 +409,11 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
peer_certs = state->server_certs->cert_chain();
if(peer_certs.size() == 0)
throw TLS_Exception(HANDSHAKE_FAILURE,
- "No certificates sent by server");
+ "TLS_Client: No certificates sent by server");
if(!policy->check_cert(peer_certs, peer_id))
throw TLS_Exception(BAD_CERTIFICATE,
- "Server certificate is not valid");
+ "TLS_Client: Server certificate is not valid");
state->kex_pub = peer_certs[0].subject_public_key();
@@ -470,7 +467,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
state->client_hello->random(),
state->server_hello->random()))
throw TLS_Exception(DECRYPT_ERROR,
- "Bad signature on server key exchange");
+ "Bad signature on server key exchange");
}
}
else if(type == CERTIFICATE_REQUEST)
@@ -541,7 +538,7 @@ void TLS_Client::process_handshake_msg(Handshake_Type type,
if(!state->server_finished->verify(state->keys.master_secret(),
state->version, state->hash, SERVER))
throw TLS_Exception(DECRYPT_ERROR,
- "Finished message didn't verify");
+ "Finished message didn't verify");
delete state;
state = 0;
@@ -565,7 +562,7 @@ void TLS_Client::do_handshake()
if(active && !state)
break;
if(!active && !state)
- throw TLS_Exception(HANDSHAKE_FAILURE, "Handshake failed");
+ throw TLS_Exception(HANDSHAKE_FAILURE, "TLS_Client: Handshake failed");
state_machine();
}
diff --git a/src/ssl/tls_exceptn.h b/src/ssl/tls_exceptn.h
index 15f52b19a..ed9d990a2 100644
--- a/src/ssl/tls_exceptn.h
+++ b/src/ssl/tls_exceptn.h
@@ -1,32 +1,38 @@
-/*
-* SSL Exceptions
-* (C) 2004-2010 Jack Lloyd
+/**
+* Exceptions Header File
+* (C) 2004-2006 Jack Lloyd
*
-* Distributed under the terms of the Botan license
+* Released under the terms of the Botan license
*/
-#ifndef BOTAN_SSL_EXCEPTION_H__
-#define BOTAN_SSL_EXCEPTION_H__
+#ifndef BOTAN_TLS_EXCEPTION_H__
+#define BOTAN_TLS_EXCEPTION_H__
-#include <botan/tls_magic.h>
#include <botan/exceptn.h>
+#include <botan/tls_magic.h>
namespace Botan {
-struct BOTAN_DLL TLS_Exception : public Exception
+/**
+* Exception Base Class
+*/
+class BOTAN_DLL TLS_Exception : public Exception
{
public:
- Alert_Type type() const { return alert_type; }
+ Alert_Type type() const throw() { return alert_type; }
- TLS_Exception(Alert_Type type, const std::string& msg) :
- Exception("SSL/TLS error: " + msg), alert_type(type)
- {}
+ TLS_Exception(Alert_Type type,
+ const std::string& err_msg = "Unknown error") :
+ Exception(err_msg), alert_type(type) {}
private:
Alert_Type alert_type;
};
-struct BOTAN_DLL Unexpected_Message : public TLS_Exception
+/**
+* Unexpected_Message Exception
+*/
+struct Unexpected_Message : public TLS_Exception
{
Unexpected_Message(const std::string& err) :
TLS_Exception(UNEXPECTED_MESSAGE, err) {}
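Review bot: `Unexpected_Message` loses `BOTAN_DLL` while `TLS_Exception` keeps it. If that macro controls symbol export, as its name suggests, a `catch` in application code may fail to match the type when it is thrown from inside the shared library, so keep `struct BOTAN_DLL Unexpected_Message : public TLS_Exception`. The new default argument also makes the `TLS_Exception` constructor callable with a single `Alert_Type`; mark it `explicit` so an alert code cannot convert implicitly into an exception object. The file header ("Exceptions Header File", 2004-2006) and the class comment ("Exception Base Class") look copied from exceptn.h; something like `/** Exception that carries a TLS alert type */` would describe this class. The `Unexpected_Message` definition continues past the end of the hunk.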
diff --git a/src/ssl/tls_messages.h b/src/ssl/tls_messages.h
index 977dfbbc3..87bfdde05 100644
--- a/src/ssl/tls_messages.h
+++ b/src/ssl/tls_messages.h
@@ -9,8 +9,8 @@
#define BOTAN_TLS_MESSAGES_H__
#include <botan/tls_record.h>
-#include <botan/tls_policy.h>
#include <botan/handshake_hash.h>
+#include <botan/tls_policy.h>
#include <botan/bigint.h>
#include <botan/pkcs8.h>
#include <botan/x509cert.h>
diff --git a/src/ssl/tls_policy.h b/src/ssl/tls_policy.h
index 3e3ba9d73..081cebaea 100644
--- a/src/ssl/tls_policy.h
+++ b/src/ssl/tls_policy.h
@@ -8,9 +8,9 @@
#ifndef BOTAN_POLICY_H__
#define BOTAN_POLICY_H__
+#include <botan/tls_magic.h>
#include <botan/x509cert.h>
#include <botan/dl_group.h>
-#include <botan/tls_magic.h>
#include <vector>
namespace Botan {
diff --git a/src/ssl/tls_record.h b/src/ssl/tls_record.h
index b362d3fb7..420ec7d50 100644
--- a/src/ssl/tls_record.h
+++ b/src/ssl/tls_record.h
@@ -9,8 +9,8 @@
#define BOTAN_RECORDS_H__
#include <botan/tls_session_key.h>
-#include <botan/tls_suites.h>
#include <botan/socket.h>
+#include <botan/tls_suites.h>
#include <botan/pipe.h>
#include <vector>
diff --git a/src/ssl/tls_server.cpp b/src/ssl/tls_server.cpp
index a530d04dd..6ee4f51d2 100644
--- a/src/ssl/tls_server.cpp
+++ b/src/ssl/tls_server.cpp
@@ -7,7 +7,7 @@
#include <botan/tls_server.h>
#include <botan/tls_alerts.h>
-#include <botan/tls_exceptn.h>
+#include <botan/tls_state.h>
#include <botan/loadstor.h>
#include <botan/rsa.h>
#include <botan/dh.h>
@@ -23,7 +23,7 @@ Version_Code choose_version(Version_Code client, Version_Code minimum)
{
if(client < minimum)
throw TLS_Exception(PROTOCOL_VERSION,
- "Client's protocol is unacceptable by policy");
+ "Client version is unacceptable by policy");
if(client == SSL_V3 || client == TLS_V10)
return client;
@@ -458,8 +458,7 @@ void TLS_Server::do_handshake()
state_machine();
if(!active && !state)
- throw TLS_Exception(HANDSHAKE_FAILURE,
- "TLS_Server: Handshake failed");
+ throw TLS_Exception(HANDSHAKE_FAILURE, "TLS_Server: Handshake failed");
}
}
diff --git a/src/ssl/tls_session_key.h b/src/ssl/tls_session_key.h
index f3feee86e..62e18e645 100644
--- a/src/ssl/tls_session_key.h
+++ b/src/ssl/tls_session_key.h
@@ -9,7 +9,7 @@
#define BOTAN_SESSION_KEYS_H__
#include <botan/tls_suites.h>
-#include <botan/tls_magic.h>
+#include <botan/tls_exceptn.h>
#include <botan/symkey.h>
namespace Botan {
diff --git a/src/ssl/tls_suites.cpp b/src/ssl/tls_suites.cpp
index f5c1ceacc..1146d81d8 100644
--- a/src/ssl/tls_suites.cpp
+++ b/src/ssl/tls_suites.cpp
@@ -7,8 +7,9 @@
#include <botan/tls_suites.h>
#include <botan/tls_exceptn.h>
-#include <botan/tls_magic.h>
#include <botan/parsing.h>
+#include <vector>
+#include <string>
namespace Botan {